Applying Blockchain Technology to Distinguish Genuine vs. Fake AI Agents (Especially During MCP Execution)

    This note examines the idea of applying blockchain technology to determine whether an AI agent, particularly while it executes an MCP (Model Context Protocol), is genuine or fake.

    Positive Aspects (Pros) 🚀

    Blockchain technology can offer several potential benefits for enhancing the trustworthiness and transparency of AI agents and their MCPs:

    1. Identity Verification and Registration:
      • Each AI agent can be assigned a unique digital ID and registered on the blockchain. This helps prove that the agent executing a specific MCP is an authorized agent and not an impersonator.
      • By storing an agent’s public key on the blockchain, the authenticity of data or messages generated by the agent can be verified through signature verification.
    2. Execution Logging and Audit Trails:
      • Key execution steps, decisions, or outputs of an MCP can be recorded on the blockchain with a timestamp. Because the blockchain is immutable, this record is tamper-proof and useful for post-hoc audits and accountability.
      • This allows verification of whether a specific MCP was executed according to a defined protocol or if it was altered in an unexpected way.
    3. Transparency and Verifiability:
      • (Depending on the public or permissioned blockchain setup) Stakeholders can access MCP execution records to independently verify their authenticity and integrity.
      • This can play a crucial role in identifying “fake” or manipulated MCP execution results.
    4. Decentralized Trust:
      • It enables the establishment of an environment where the authenticity of agents and their activities can be trusted without relying on a centralized certifying authority. This is particularly useful in systems where multiple autonomous AI agents interact.
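    The identity and signature-verification step in item 1, together with the gatekeeping at registration time that the "Garbage In, Garbage Out" point below calls for, as an added example that is not part of the original post or of any AI Talk.ch service. This Go program (standard library only) models the on-chain registry as an in-memory map from agent ID to Ed25519 public key: registration is accepted only with a signature from a hypothetical registrar key, each MCP tool call is signed with the agent ID bound into the signed bytes, and the verifier looks the key up by ID. The agent IDs, tool name and arguments are constructed sample values.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
)

// Registry stands in for the on-chain agent registry: agent ID -> registered
// public key. Hypothetical in-memory model of what a contract would store.
type Registry struct {
	registrar ed25519.PublicKey // key whose approval is required to register an agent
	agents    map[string]ed25519.PublicKey
}

// NewRegistry creates an empty registry governed by one registrar key.
func NewRegistry(registrar ed25519.PublicKey) *Registry {
	return &Registry{registrar: registrar, agents: map[string]ed25519.PublicKey{}}
}

// registrationPayload is the canonical byte string the registrar signs to
// approve binding agentID to pub.
func registrationPayload(agentID string, pub ed25519.PublicKey) []byte {
	return []byte("register:" + agentID + ":" + hex.EncodeToString(pub))
}

// RegisterAgent accepts a key only with a valid registrar approval. This is
// where "what counts as genuine" is enforced: the ledger itself would record
// whatever key anyone submitted.
func (r *Registry) RegisterAgent(agentID string, pub ed25519.PublicKey, approval []byte) error {
	if _, exists := r.agents[agentID]; exists {
		return errors.New("agent ID already registered")
	}
	if !ed25519.Verify(r.registrar, registrationPayload(agentID, pub), approval) {
		return errors.New("registration not approved by registrar")
	}
	r.agents[agentID] = pub
	return nil
}

// mcpPayload is the canonical byte string an agent signs for one MCP tool
// call. Binding agentID into it stops a valid signature from being replayed
// under a different identity.
func mcpPayload(agentID, tool, args string) []byte {
	return []byte("mcp:" + agentID + ":" + tool + ":" + args)
}

// SignMCPCall produces the agent's signature over a tool call.
func SignMCPCall(priv ed25519.PrivateKey, agentID, tool, args string) []byte {
	return ed25519.Sign(priv, mcpPayload(agentID, tool, args))
}

// VerifyMCPCall checks the signature against the key registered for agentID.
func (r *Registry) VerifyMCPCall(agentID, tool, args string, sig []byte) bool {
	pub, ok := r.agents[agentID]
	if !ok {
		return false // unregistered ID: nothing on the ledger to check against
	}
	return ed25519.Verify(pub, mcpPayload(agentID, tool, args), sig)
}

// Demo registers one genuine agent, then lets an impersonator claim the same
// ID with its own key and try to self-register a new ID. Returns whether the
// genuine call verified, whether the impostor's call verified, and whether
// the unapproved registration was refused.
func Demo() (genuineOK, impostorOK, unapprovedRefused bool, err error) {
	regPub, regPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	registry := NewRegistry(regPub)

	agentPub, agentPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return
	}
	approval := ed25519.Sign(regPriv, registrationPayload("agent-42", agentPub))
	if err = registry.RegisterAgent("agent-42", agentPub, approval); err != nil {
		return
	}

	const tool, args = "filesystem.read", `{"path":"/tmp/report.txt"}` // constructed sample call
	genuineOK = registry.VerifyMCPCall("agent-42", tool, args, SignMCPCall(agentPriv, "agent-42", tool, args))

	fakePub, fakePriv, err := ed25519.GenerateKey(rand.Reader) // impersonator's own key pair
	if err != nil {
		return
	}
	impostorOK = registry.VerifyMCPCall("agent-42", tool, args, SignMCPCall(fakePriv, "agent-42", tool, args))

	selfApproval := ed25519.Sign(fakePriv, registrationPayload("agent-43", fakePub))
	unapprovedRefused = registry.RegisterAgent("agent-43", fakePub, selfApproval) != nil
	return
}

func main() {
	g, i, u, err := Demo()
	if err != nil {
		fmt.Println("error:", err)
		return
	}
	fmt.Printf("genuine verified: %v, impostor verified: %v, unapproved registration refused: %v\n", g, i, u)
}
```

    In a real deployment the map becomes contract storage and the single registrar key becomes whatever governance the chosen definition of "genuine" requires (for example the multi-signature approval mentioned under "Garbage In, Garbage Out"); the verification logic itself does not change.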

    Considerations and Challenges 🤔

    When applying blockchain technology, the following practical issues and technical challenges must be considered:

    1. Defining “Genuine”:
      • A clear definition of what constitutes a “genuine” MCP or AI agent is needed. Is it the original developer’s code? Is it a version approved by a specific institution? Or is it an instance with specific execution permissions? Blockchain guarantees that registered information has not been altered, but reaching a consensus on what the “genuine” criteria are is an issue beyond the technology itself.
    2. Scalability and Cost:
      • Recording all MCP execution-related data on the blockchain can incur significant transaction costs and processing time. Especially if AI agent activities are frequent and data volumes are large, the throughput limits of the blockchain (transactions per second, TPS) can be reached.
      • To address this, one might need to consider a combination of off-chain storage with on-chain hash recording, Layer 2 solutions, or application-specific blockchains (appchains).
    3. Privacy:
      • If MCP execution records contain sensitive information or business logic, recording them on a public blockchain can lead to privacy infringement issues.
      • In such cases, using permissioned or private blockchains or applying privacy-enhancing technologies like Zero-Knowledge Proofs should be considered.
    4. “Garbage In, Garbage Out” Principle:
      • Blockchain guarantees the integrity (that it hasn’t been changed) of recorded data, but it does not guarantee the accuracy or truthfulness of the data initially recorded. If a malicious user registers a “fake” agent or MCP as “genuine” on the blockchain, or manipulates initial data for recording, the blockchain will faithfully record and protect that “fake” information.
      • Therefore, mechanisms to ensure the trustworthiness of data at the initial point of recording (e.g., trusted oracles, multi-signatures) are crucial.
    5. The Oracle Problem:
      • When an AI agent operates based on real-world data or interacts with external systems to execute an MCP, the problem of how to reliably bring this external data onto the blockchain (the Oracle Problem) must be solved.
    6. Granularity of MCP Logging:
      • A decision needs to be made about the level of detail of MCP execution to be recorded on the blockchain. Too much detail can exacerbate scalability issues, while too little might reduce the effectiveness of authenticity verification.

    Conclusion and Recommendations 💡

    Applying blockchain technology to distinguish the authenticity of AI agents and MCPs is certainly a promising approach. It can be an effective solution, especially in systems where trustworthiness and transparency are critical.

    However, the various challenges mentioned above must be carefully reviewed and addressed. Initially, the following approaches could be considered:

    • Apply the technology restrictively to the most critical AI agents or sensitive MCPs to verify its utility and identify issues.
    • Rather than recording all data on-chain, prioritize storing data off-chain and recording only its hash value or proof on-chain.
    • Select the appropriate type of blockchain (public, private, consortium) based on system requirements and, if necessary, combine it with privacy-enhancing technologies.
    • Consider combining blockchain with other security technologies, such as existing cryptographic methods (e.g., digital signatures) or Trusted Execution Environments (TEEs), to build a multi-layered security framework.
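    The off-chain-data/on-chain-hash pattern recommended above, applied to the execution logging of item 2 in the Pros section, as an added example that is not part of the original post or of any AI Talk.ch service. This Go program (standard library only) keeps the full MCP step records off-chain, commits one hash per batch to a simulated append-only ledger (batching is one way to choose a coarser logging granularity without giving up verifiability), and detects a later edit to an off-chain record. The ledger, the log entry shape and the sample steps are assumptions constructed for the example.

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// LogEntry is one MCP execution step, stored in full only off-chain.
// Hypothetical shape; the fields depend on the chosen logging granularity.
type LogEntry struct {
	AgentID string
	Step    int
	Tool    string
	Result  string
}

// Commitment is what goes on-chain: one hash per batch, linked to the
// previous batch's hash so the sequence of batches is itself tamper-evident.
type Commitment struct {
	BatchID  int
	PrevRoot string
	Root     string
}

// Ledger stands in for the on-chain side: an append-only list of commitments.
type Ledger struct {
	commitments []Commitment
}

// hashEntry hashes a canonical encoding of one entry; NUL separators and the
// step index keep merged or reordered entries from colliding.
func hashEntry(e LogEntry) []byte {
	h := sha256.Sum256([]byte(fmt.Sprintf("%s\x00%d\x00%s\x00%s", e.AgentID, e.Step, e.Tool, e.Result)))
	return h[:]
}

// BatchRoot folds the entries into a hash chain seeded with prevRoot.
// Changing, dropping, inserting or reordering any entry changes the result.
func BatchRoot(prevRoot string, entries []LogEntry) string {
	head := sha256.Sum256([]byte(prevRoot))
	for _, e := range entries {
		head = sha256.Sum256(append(head[:], hashEntry(e)...))
	}
	return hex.EncodeToString(head[:])
}

// Commit records only the batch root on the ledger; the entries stay off-chain.
func (l *Ledger) Commit(entries []LogEntry) Commitment {
	prev := ""
	if n := len(l.commitments); n > 0 {
		prev = l.commitments[n-1].Root
	}
	c := Commitment{BatchID: len(l.commitments), PrevRoot: prev, Root: BatchRoot(prev, entries)}
	l.commitments = append(l.commitments, c)
	return c
}

// VerifyBatch recomputes the root from the off-chain copy and compares it with
// the committed value, also checking the link to the previous commitment.
func (l *Ledger) VerifyBatch(batchID int, entries []LogEntry) bool {
	if batchID < 0 || batchID >= len(l.commitments) {
		return false
	}
	c := l.commitments[batchID]
	if batchID > 0 && c.PrevRoot != l.commitments[batchID-1].Root {
		return false
	}
	return BatchRoot(c.PrevRoot, entries) == c.Root
}

// Demo commits a constructed batch of MCP steps, verifies it, then edits one
// off-chain result and verifies again. Returns (okBefore, okAfter).
func Demo() (bool, bool) {
	batch := []LogEntry{ // constructed sample steps
		{"agent-42", 1, "filesystem.read", "ok: 1 file"},
		{"agent-42", 2, "http.fetch", "ok: 200"},
		{"agent-42", 3, "summarize", "ok: 3 sentences"},
	}
	var ledger Ledger
	c := ledger.Commit(batch)
	okBefore := ledger.VerifyBatch(c.BatchID, batch)

	tampered := append([]LogEntry(nil), batch...)
	tampered[1].Result = "ok: 404" // off-chain record edited after the fact
	okAfter := ledger.VerifyBatch(c.BatchID, tampered)
	return okBefore, okAfter
}

func main() {
	before, after := Demo()
	fmt.Printf("verifies before tampering: %v, after tampering: %v\n", before, after)
}
```

    A Merkle tree in place of the hash chain would let a single entry be proven against the committed root without disclosing the rest of the batch, which is relevant to the privacy point raised above; the on-chain footprint (one hash per batch) stays the same.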

    Ultimately, the decision to adopt blockchain technology and the scope of its application should be determined by comprehensively considering the specific problem being solved, the characteristics of the system, and available resources.

    https://www.aitalk.ch

    AI Talk.ch is preparing a new service that incorporates blockchain technology following MCP.